
Getting a Let's Encrypt Certificate Using DNS Validation (TXT Record)

Let's Encrypt provides free SSL/TLS certificates. One method to verify domain ownership is DNS validation using a TXT record. This guide explains how to obtain a certificate using this method.

Prerequisites

  • A registered domain name.
  • Access to your domain's DNS management.
  • Certbot installed on your system.

Step 1: Install Certbot

If Certbot is not installed, install it using:

For Debian/Ubuntu:

sudo apt update && sudo apt install certbot

For CentOS/RHEL:

sudo yum install certbot

Step 2: Request a Certificate with DNS Validation

Run the following command to generate a certificate:

sudo certbot certonly --manual --preferred-challenges=dns --email [email protected] -d example.com -d *.example.com

  • --manual: Uses the manual authenticator, so you create the validation record yourself instead of a DNS plugin doing it.
  • --preferred-challenges=dns: Selects the DNS-01 challenge (a TXT record) rather than HTTP validation.
  • -d example.com -d *.example.com: Requests one certificate covering the bare domain and all its first-level subdomains (a wildcard certificate). Let's Encrypt issues wildcard names only through the DNS challenge.

Step 3: Add the TXT Record

Certbot will output a DNS TXT record that must be added to your domain's DNS settings. Example:

Please deploy a DNS TXT record under the name:
_acme-challenge.example.com

With the following value:
ABCDEFGHIJKLMN123456789

Go to your DNS provider and add a new TXT record:

  • Name: _acme-challenge.example.com
  • Value: ABCDEFGHIJKLMN123456789

Because example.com and *.example.com share the same challenge name, Certbot prompts twice with two different values; add both TXT records under _acme-challenge.example.com and keep both in place until validation has finished.

Wait a few minutes for DNS propagation.
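Rather than guessing how long propagation takes, you can confirm the record is actually resolvable before pressing Enter. The following is an added example, not part of the original guide or of Certbot; it uses only the Python standard library, queries the public resolver at 1.1.1.1 by default (an assumption; point it at your domain's authoritative nameserver for the strictest check), and the name and token are the placeholders from this guide.

```python
import secrets
import socket
import struct

def build_txt_query(name, txid):
    """Standard recursive DNS query for the TXT (type 16) records of `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 16, 1)  # QTYPE=TXT, QCLASS=IN

def skip_name(msg, off):
    """Offset just past a domain name, which may end in a 2-byte compression pointer."""
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:
            return off + 2
        if ln == 0:
            return off + 1
        off += 1 + ln

def parse_txt_answers(msg, txid):
    """Return the TXT strings in a DNS reply; reject id mismatches and error RCODEs."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or flags & 0x000F:        # RCODE 3 (NXDOMAIN) = record not published yet
        raise ValueError(f"bad reply: id ok={rid == txid}, rcode={flags & 0xF}")
    off = 12
    for _ in range(qd):                      # skip the echoed question section
        off = skip_name(msg, off) + 4
    values = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 16:                      # TXT RDATA = sequence of <len><bytes> strings
            rdata, p, parts = msg[off:off + rdlen], 0, []
            while p < rdlen:
                parts.append(rdata[p + 1:p + 1 + rdata[p]])
                p += 1 + rdata[p]
            values.append(b"".join(parts).decode("utf-8", "replace"))
        off += rdlen
    return values

def challenge_visible(name, expected, server="1.1.1.1", timeout=3.0):
    """True once the resolver returns exactly the token Certbot printed for `name`."""
    txid = secrets.randbelow(65536)          # random id so a stray reply cannot match
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_txt_query(name, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return expected in parse_txt_answers(data, txid)
```

Call challenge_visible("_acme-challenge.example.com", "ABCDEFGHIJKLMN123456789") after adding the record; it returns True only when the new token is among the values served, so a leftover record from an earlier run does not produce a false positive.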

Step 4: Complete the Validation

Once the TXT record is added, return to the terminal and press Enter to let Certbot verify the record.

If successful, you will see:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem

Step 5: Configure Your Web Server

For Nginx:

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}

Restart Nginx:

sudo systemctl restart nginx

For Apache:

<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>

Restart Apache:

sudo systemctl restart apache2

Step 6: Automate Certificate Renewal

Because the --manual challenge relies on you creating the TXT record by hand, Certbot cannot renew this certificate on its own (certbot renew runs non-interactively and, without a --manual-auth-hook script to publish the record, has no way to complete the challenge). You will need to repeat the validation process before the certificate expires.

To check the renewal configuration:

sudo certbot renew --dry-run

Conclusion

By following these steps, you can obtain a Let's Encrypt certificate using DNS TXT record validation, useful for wildcard certificates and when HTTP validation is not feasible.
